I had a customer who wanted to extract information from AD by a custom application. Offcourse we could open port 389 and have them extract the info.. but perhaps it would be easier to just query the Global Catalog (if the info you want is in there)..

In this case he wanted to convert username to firstname, lastname, all those fields are in the GC.. so here’s the VBScript to prove that it works.. note that in the script we also give the username and password, this since the application is not on the AD network and the firewall between app and GC is only opened for 3268. The Adsi Flag field tells the connection how it should be created. 1 = Authenticate; It will try kerberos, NTLM, basic. 2=Encryption, can in this case not be used, since the querying machine and DC/GC are not in same domain, nor share any secret (no kerberos authentication). You can combine both by entering value 3.